9 | Kr00k vulnerability compromises billions of Wi-Fi devices | ---- | |
ComputerWeekly.com | 2020-02-27 19:20 | | |
ESET testing has confirmed that prior to patching, devices including the Amazon Echo and Kindle, Apple iPhone, iPad and MacBook, Google Nexus, Samsung Galaxy, Raspberry Pi 3, Xiaomi RedMi, and APs made by Asus and Huawei, were all known to be at risk from Kr00k, which is related to, but largely different from, Krack – a vulnerability in Wi-Fi Protected Access 2 (WPA2), which was discovered in 2017.

At the beginning of the ESET team’s research, they found Kr00k to be one of the possible causes behind the reinstallation of an all-zero encryption key, which they had seen in tests for Krack attacks. This came about after the same team spotted that Amazon Echo devices were still vulnerable to Krack, as previously reported.

“According to our information, patches for devices by major manufacturers have been released by now. To protect yourself, as a user, make sure you have applied the latest available updates to your Wi-Fi-capable devices, including phones, tablets, laptops, IoT devices, and Wi-Fi access points and routers. As a device manufacturer, please inquire about patches for the Kr00k vulnerability directly with your chip manufacturer.”

If Kr00k were to be taken advantage of by cyber criminals in the wild, like Krack, they would need to be within close range of their target’s Wi-Fi network – although they would not need to know its password to take advantage of it. This would seem to suggest that, as with Krack, there are unlikely to have been many, if any, real-world exploitations.

Craig Young, principal security researcher at TripWire, said: “Both attacks [Krack and Kr00k] can potentially allow nearby attackers to gain access to information which should have only been sent after being securely encrypted. In the case of Kr00k, the researchers found that the affected wireless NIC implementations would insecurely send queued data after being disassociated from the network.